Individuals and organizations often wish to protect their computing devices from malware, data leaks, intrusions, and other security threats. As such, anti-malware and other security services may develop systems to detect malicious files on endpoint devices. In particular, malware detection systems may attempt to identify malicious files before users download or install the files onto their endpoint devices. In some examples, traditional malware detection systems may identify malware by analyzing properties of suspicious or unverified files. Specifically, a conventional anti-malware system may analyze content within files (e.g., by computing hashes of the files and comparing the hashes to hashes of known malware). In addition, some conventional malware detection technologies may identify malicious files by monitoring behaviors exhibited by the files.
Unfortunately, conventional malware detection systems may be unable to efficiently and accurately determine a reputation of a file that a user is attempting to install on an endpoint device. For example, analyzing content of a file and/or computing a hash of a file may require extensive time and computing resources. In addition, analyzing behavior of a file after it has been installed on an endpoint device may expose the endpoint device to security threats. The instant disclosure, therefore, identifies and addresses a need for systems and methods for determining reputations of files.